← Legacy view v2 (rp.*)

vasu-devs/justhireme

https://github.com/vasu-devs/JustHireMe.git · lang: python · LOC: · source: user_submitted

Quality
75.3
Grade B+
Security
86.7
Findings
6
0 critical · 1 high
Status
completed
May 16, 2026 04:23
info: 3 high: 1 low: 1 medium: 1
Top rules by occurrence
RuleSeverityCount
SEC015 Insecure Randomness for Security medium 3
SEC004 SQL Injection Risk high 1
SEC006 XSS Risk high 1
SEC012 ZipSlip — Archive Path Traversal medium 1
First 6 findings (severity-sorted)
high SEC004 SQL Injection Risk
backend/data/sqlite/leads.py:162 · conf 1.00 
[SEC004] SQL Injection Risk: String interpolation in SQL execution. Allows SQL injection.
medium SEC012 ZipSlip — Archive Path Traversal
backend/automation/browser_runtime.py:83 · conf 1.00 
[SEC012] ZipSlip — Archive Path Traversal: Archive extraction without path validation allows writing files outside the target directory.
low SEC006 XSS Risk
src/main.tsx:14 · conf 0.40 
[SEC006] XSS Risk: Direct HTML injection without sanitization.
info SEC015 Insecure Randomness for Security
Designs/JustHireMe (Remix)/src/profile.jsx:13 · conf 0.25 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
src/shared/hooks/useWS.ts:114 · conf 0.15 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.
info SEC015 Insecure Randomness for Security
website/src/main.jsx:127 · conf 0.10 
[SEC015] Insecure Randomness for Security: Weak PRNG used in security-sensitive context. Output is predictable.

Reading from rp.scan + rp.finding + rp.rule (unified schema, R78 series). Legacy data path unchanged. Compare with /scan/701ac848-7ef8-4465-9114-3ffa04a48126/.